Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Access or Trunk Port? that is the question

  • 1.  Access or Trunk Port? that is the question

    Posted Jan 17, 2018 08:41 PM

    I have inherited a network with a centralized controller and 100+ APs across 15 locations.  The APs are on switch trunk ports and access ports across the sites, sometimes both in the same site.  What madness.  Shouldn't it be one or the other?  Which?  Yes, there is more than one VLAN (3) and each is related to a separate SSID.



  • 2.  RE: Access or Trunk Port? that is the question

    EMPLOYEE
    Posted Jan 17, 2018 09:03 PM

    Are these APs tunneling clients to a controller or are they instant APs?

     

    If I am tunneling clients to a controller I put the APs on access ports. If I am bridging wireless clients to multiple VLANs using instant access points and no controller, I use a trunk port. 

     



  • 3.  RE: Access or Trunk Port? that is the question

    Posted Jan 17, 2018 09:09 PM
    Each remote location has 100 Mbps Layer 2 point-to-point fiber.


  • 4.  RE: Access or Trunk Port? that is the question

    EMPLOYEE
    Posted Jan 17, 2018 11:36 PM

    Controller or no controller?



  • 5.  RE: Access or Trunk Port? that is the question

    Posted Jan 18, 2018 09:49 AM
    Controller at centralized data center


  • 6.  RE: Access or Trunk Port? that is the question

    EMPLOYEE
    Posted Jan 18, 2018 10:57 AM

    You will need to check your config but most likely you are tunneling all wireless client traffic to the dc. In that case the access points themselves could be on an access port. 



  • 7.  RE: Access or Trunk Port? that is the question

    EMPLOYEE
    Posted Jan 18, 2018 11:02 AM

    If you care at all about WIDS / detecting rogue APs you should set the interface to trunk and native VLAN to the VLAN you want the APs to pass traffic on. It's important for the APs to receive the broadcast traffic on the other VLANs, particularly the wired VLAN in the same coverage areas where someone may potentially plug in a rogue AP. Also ensure STP is disabled on AP ports.
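
One way to audit the mixed access/trunk AP ports described in this thread against the WIDS advice in post 7, as an added example that is not part of any post and not Aruba's own tooling. It assumes Cisco IOS-style switch configuration (the thread names no switch vendor), AP ports labelled with a description starting with `AP`, and constructed VLAN numbers.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption, not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description AP-lobby
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet1/0/2
 description AP-warehouse
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20-30
interface GigabitEthernet1/0/3
 description AP-office
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 10,20
"""

def expand_vlans(spec):
    """Expand an allowed-VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",")):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_ap_ports(config, ap_vlan, wired_vlans, ap_marker="AP"):
    """Return {interface: [findings]} for ports whose description starts with ap_marker."""
    findings = {}
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        m = re.match(r"interface (\S+)", stanza)
        desc = re.search(r"^ description (.+)$", stanza, re.M)
        if not m or not desc or not desc.group(1).startswith(ap_marker):
            continue  # not an interface stanza, or not an AP port
        issues = []
        mode = re.search(r"^ switchport mode (\S+)", stanza, re.M)
        if not mode or mode.group(1) != "trunk":
            issues.append("not a trunk: AP cannot see wired VLAN broadcasts")
        else:
            native = re.search(r"^ switchport trunk native vlan (\d+)", stanza, re.M)
            if not native or int(native.group(1)) != ap_vlan:
                issues.append("native VLAN is not the AP VLAN")
            allowed = re.search(r"^ switchport trunk allowed vlan (\S+)", stanza, re.M)
            # No allowed-VLAN line means the trunk carries every VLAN.
            missing = set(wired_vlans) - expand_vlans(allowed.group(1)) if allowed else set()
            if missing:
                issues.append(f"wired VLANs not carried: {sorted(missing)}")
        findings[m.group(1)] = issues
    return findings
```

Calling `audit_ap_ports(SAMPLE_CONFIG, ap_vlan=10, wired_vlans=[20, 30])` returns an empty finding list for ports that match the trunk-with-native-VLAN layout and a list of deviations for the rest.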



  • 8.  RE: Access or Trunk Port? that is the question

    Posted Jan 18, 2018 01:28 PM

    RSTP is OK, right?



  • 9.  RE: Access or Trunk Port? that is the question

    Posted Jan 18, 2018 11:14 AM

    Good point, all Internet content filtering is done at the dc on the FW there.  There is no internet at the remote sites, no servers either.  But there is local printing.



  • 10.  RE: Access or Trunk Port? that is the question

    EMPLOYEE
    Posted Jan 18, 2018 12:43 PM

    Great point Marcus! That's not usually on my mind but is true and a good idea if WIDS is important to them. :-) 



  • 11.  RE: Access or Trunk Port? that is the question

    EMPLOYEE
    Posted Jan 17, 2018 09:06 PM

    Also, Big Welcome to the Community :-)



  • 12.  RE: Access or Trunk Port? that is the question

    Posted Jan 17, 2018 09:10 PM
    THANK YOU!